Merge pull request #82 from sousa-dev/feat/marketplace-module

feat(marketplace): v3 UGC module — models, services, API, moderation

Author: hc-sousa

src/marketplace/__init__.py

@@ -0,0 +1,46 @@
+from django.contrib import admin
+
+from marketplace.models import Review, ServiceCategory, ServiceProvider
+
+
+def _publish(modeladmin, request, queryset):
+    queryset.update(status=ServiceProvider.PUBLISHED)
+
+
+_publish.short_description = 'Publish selected'
+
+
+def _reject(modeladmin, request, queryset):
+    queryset.update(status=ServiceProvider.REJECTED)
+
+
+_reject.short_description = 'Reject selected'
+
+
+@admin.register(ServiceCategory)
+class ServiceCategoryAdmin(admin.ModelAdmin):
+    list_display = ('name', 'slug', 'user_suggested', 'island', 'icon')
+    list_filter = ('island', 'user_suggested')
+    search_fields = ('name', 'slug')
+    prepopulated_fields = {'slug': ('name',)}
+
+
+@admin.register(ServiceProvider)
+class ServiceProviderAdmin(admin.ModelAdmin):
+    list_display = ('name', 'category', 'status', 'is_promoted', 'rating', 'review_count', 'island')
+    list_filter = ('island', 'status', 'is_promoted', 'category')
+    search_fields = ('name', 'bio', 'phone', 'email')
+    actions = [_publish, _reject]
+
+
+@admin.register(Review)
+class ReviewAdmin(admin.ModelAdmin):
+    list_display = ('provider', 'rating', 'status', 'island', 'created_at')
+    list_filter = ('island', 'status', 'rating')
+    search_fields = ('text',)
+
+    def save_model(self, request, obj, form, change):
+        super().save_model(request, obj, form, change)
+        from marketplace.services import recompute_rating
+
+        recompute_rating(obj.provider)

src/marketplace/admin.py

@@ -0,0 +1,300 @@
+"""Marketplace v3 API (function views, service-backed, session-owned UGC)."""
+
+from __future__ import annotations
+
+from rest_framework import status
+from rest_framework.decorators import (
+    api_view,
+    permission_classes,
+    throttle_classes,
+)
+from rest_framework.permissions import AllowAny
+from rest_framework.request import Request
+from rest_framework.response import Response
+
+from consent.services import hash_session_id
+from marketplace import services
+from marketplace.serializers import (
+    ModerateSerializer,
+    ProviderWriteSerializer,
+    ReviewWriteSerializer,
+)
+from marketplace.throttling import MarketplaceWriteThrottle
+from tenancy.services import for_island
+
+
+def _require_island(request: Request) -> Response | None:
+    if request.island is None:
+        return Response(
+            {'error': {'code': 'island_required', 'message': 'Island context required'}},
+            status=status.HTTP_400_BAD_REQUEST,
+        )
+    return None
+
+
+def _error(code: str, message: str, http_status: int) -> Response:
+    return Response({'error': {'code': code, 'message': message}}, status=http_status)
+
+
+def _session_id(request: Request) -> str:
+    return (
+        request.headers.get('X-Session-Id', '').strip()
+        or str(request.GET.get('session_id', '')).strip()
+    )
+
+
+def _is_staff(request: Request) -> bool:
+    user = getattr(request, 'user', None)
+    return bool(user and user.is_authenticated and user.is_staff)
+
+
+def _write_data(validated: dict) -> dict:
+    return {k: v for k, v in validated.items() if k != 'session_id'}
+
+
+@api_view(['GET'])
+@permission_classes([AllowAny])
+def categories_view(request: Request) -> Response:
+    err = _require_island(request)
+    if err:
+        return err
+    with for_island(request.island):
+        return Response({'categories': services.list_categories()})
+
+
+@api_view(['GET', 'POST'])
+@permission_classes([AllowAny])
+@throttle_classes([MarketplaceWriteThrottle])
+def providers_view(request: Request) -> Response:
+    err = _require_island(request)
+    if err:
+        return err
+
+    if request.method == 'GET':
+        category = request.GET.get('category', '').strip() or None
+        q = request.GET.get('q', '').strip() or None
+        lat = _float_or_none(request.GET.get('lat'))
+        lng = _float_or_none(request.GET.get('lng'))
+        try:
+            limit = int(request.GET.get('limit', '50'))
+        except ValueError:
+            limit = 50
+        with for_island(request.island):
+            providers = services.list_providers(
+                category=category, q=q, lat=lat, lng=lng, limit=limit
+            )
+        return Response({'providers': providers})
+
+    serializer = ProviderWriteSerializer(data=request.data)
+    serializer.is_valid(raise_exception=True)
+    data = serializer.validated_data
+    session_id = data['session_id'].strip()
+    if not session_id:
+        return _error('session_required', 'session_id is required', status.HTTP_400_BAD_REQUEST)
+    name = (data.get('name') or '').strip()
+    category_slug = (data.get('category_slug') or '').strip()
+    category_name = (data.get('category_name') or '').strip()
+    if not name:
+        return _error('validation_error', 'name is required', status.HTTP_400_BAD_REQUEST)
+    if not category_slug and not category_name:
+        return _error(
+            'validation_error',
+            'category_slug or category_name is required',
+            status.HTTP_400_BAD_REQUEST,
+        )
+
+    session_hash = hash_session_id(session_id, request.island.key)
+    with for_island(request.island):
+        try:
+            payload = services.create_provider(
+                island=request.island, session_hash=session_hash, data=_write_data(data)
+            )
+        except services.CategoryNotFound:
+            return _error('invalid_category', 'Unknown category', status.HTTP_400_BAD_REQUEST)
+        except services.InvalidCategoryName:
+            return _error(
+                'invalid_category_name',
+                'Invalid category name (2–80 characters, at least one letter)',
+                status.HTTP_400_BAD_REQUEST,
+            )
+    return Response(payload, status=status.HTTP_201_CREATED)
+
+
+@api_view(['GET', 'PUT', 'PATCH', 'DELETE'])
+@permission_classes([AllowAny])
+@throttle_classes([MarketplaceWriteThrottle])
+def provider_detail_view(request: Request, provider_id: int) -> Response:
+    err = _require_island(request)
+    if err:
+        return err
+
+    session_hash = _hash_or_empty(_session_id(request), request)
+    is_staff = _is_staff(request)
+
+    if request.method == 'GET':
+        with for_island(request.island):
+            payload = services.get_provider(
+                provider_id, viewer_session_hash=session_hash, is_staff=is_staff
+            )
+        if payload is None:
+            return _error('not_found', 'Provider not found', status.HTTP_404_NOT_FOUND)
+        return Response(payload)
+
+    if request.method == 'DELETE':
+        with for_island(request.island):
+            try:
+                result = services.soft_delete_provider(
+                    provider_id, session_hash=session_hash, is_staff=is_staff
+                )
+            except services.OwnershipError:
+                return _error('not_owner', 'Not allowed', status.HTTP_403_FORBIDDEN)
+        if result is None:
+            return _error('not_found', 'Provider not found', status.HTTP_404_NOT_FOUND)
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+    # PUT / PATCH
+    serializer = ProviderWriteSerializer(data=request.data, partial=True)
+    serializer.is_valid(raise_exception=True)
+    data = serializer.validated_data
+    write_session = data.get('session_id', '').strip() or _session_id(request)
+    write_hash = _hash_or_empty(write_session, request)
+    with for_island(request.island):
+        try:
+            payload = services.update_provider(
+                provider_id, session_hash=write_hash, is_staff=is_staff, data=_write_data(data)
+            )
+        except services.OwnershipError:
+            return _error('not_owner', 'Not allowed', status.HTTP_403_FORBIDDEN)
+        except services.CategoryNotFound:
+            return _error('invalid_category', 'Unknown category', status.HTTP_400_BAD_REQUEST)
+        except services.InvalidCategoryName:
+            return _error(
+                'invalid_category_name',
+                'Invalid category name (2–80 characters, at least one letter)',
+                status.HTTP_400_BAD_REQUEST,
+            )
+    if payload is None:
+        return _error('not_found', 'Provider not found', status.HTTP_404_NOT_FOUND)
+    return Response(payload)
+
+
+@api_view(['GET', 'POST'])
+@permission_classes([AllowAny])
+@throttle_classes([MarketplaceWriteThrottle])
+def provider_reviews_view(request: Request, provider_id: int) -> Response:
+    err = _require_island(request)
+    if err:
+        return err
+
+    if request.method == 'GET':
+        with for_island(request.island):
+            return Response({'reviews': services.list_reviews(provider_id)})
+
+    serializer = ReviewWriteSerializer(data=request.data)
+    serializer.is_valid(raise_exception=True)
+    data = serializer.validated_data
+    session_id = data['session_id'].strip()
+    if not session_id:
+        return _error('session_required', 'session_id is required', status.HTTP_400_BAD_REQUEST)
+    session_hash = hash_session_id(session_id, request.island.key)
+    with for_island(request.island):
+        result = services.upsert_review(
+            provider_id=provider_id,
+            session_hash=session_hash,
+            rating=data['rating'],
+            text=data.get('text', ''),
+        )
+    if result is None:
+        return _error('not_found', 'Provider not found', status.HTTP_404_NOT_FOUND)
+    payload, created = result
+    return Response(payload, status=status.HTTP_201_CREATED if created else status.HTTP_200_OK)
+
+
+@api_view(['PUT', 'PATCH', 'DELETE'])
+@permission_classes([AllowAny])
+@throttle_classes([MarketplaceWriteThrottle])
+def review_detail_view(request: Request, review_id: int) -> Response:
+    err = _require_island(request)
+    if err:
+        return err
+
+    is_staff = _is_staff(request)
+
+    if request.method == 'DELETE':
+        session_hash = _hash_or_empty(_session_id(request), request)
+        with for_island(request.island):
+            try:
+                result = services.delete_review(
+                    review_id, session_hash=session_hash, is_staff=is_staff
+                )
+            except services.OwnershipError:
+                return _error('not_owner', 'Not allowed', status.HTTP_403_FORBIDDEN)
+        if result is None:
+            return _error('not_found', 'Review not found', status.HTTP_404_NOT_FOUND)
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+    serializer = ReviewWriteSerializer(data=request.data, partial=True)
+    serializer.is_valid(raise_exception=True)
+    data = serializer.validated_data
+    session_hash = _hash_or_empty(
+        data.get('session_id', '').strip() or _session_id(request), request
+    )
+    with for_island(request.island):
+        try:
+            payload = services.update_review(
+                review_id, session_hash=session_hash, is_staff=is_staff, data=_write_data(data)
+            )
+        except services.OwnershipError:
+            return _error('not_owner', 'Not allowed', status.HTTP_403_FORBIDDEN)
+    if payload is None:
+        return _error('not_found', 'Review not found', status.HTTP_404_NOT_FOUND)
+    return Response(payload)
+
+
+@api_view(['POST'])
+@permission_classes([AllowAny])
+def provider_moderate_view(request: Request, provider_id: int) -> Response:
+    err = _require_island(request)
+    if err:
+        return err
+    if not _is_staff(request):
+        return _error('not_authorized', 'Staff only', status.HTTP_403_FORBIDDEN)
+    serializer = ModerateSerializer(data=request.data)
+    serializer.is_valid(raise_exception=True)
+    with for_island(request.island):
+        payload = services.moderate_provider(provider_id, serializer.validated_data['action'])
+    if payload is None:
+        return _error('not_found', 'Provider not found', status.HTTP_404_NOT_FOUND)
+    return Response(payload)
+
+
+@api_view(['POST'])
+@permission_classes([AllowAny])
+def review_moderate_view(request: Request, review_id: int) -> Response:
+    err = _require_island(request)
+    if err:
+        return err
+    if not _is_staff(request):
+        return _error('not_authorized', 'Staff only', status.HTTP_403_FORBIDDEN)
+    serializer = ModerateSerializer(data=request.data)
+    serializer.is_valid(raise_exception=True)
+    with for_island(request.island):
+        payload = services.moderate_review(review_id, serializer.validated_data['action'])
+    if payload is None:
+        return _error('not_found', 'Review not found', status.HTTP_404_NOT_FOUND)
+    return Response(payload)
+
+
+def _float_or_none(raw: str | None) -> float | None:
+    if raw is None or str(raw).strip() == '':
+        return None
+    try:
+        return float(raw)
+    except ValueError:
+        return None
+
+
+def _hash_or_empty(session_id: str, request: Request) -> str:
+    if not session_id:
+        return ''
+    return hash_session_id(session_id, request.island.key)

src/marketplace/api_v3.py

@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+
+
+class MarketplaceConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'marketplace'
+    verbose_name = 'Marketplace'